Impact
The vulnerability affects OpenClaw versions prior to 2026.5.6. An attacker who can reach the Skill Workshop apply endpoint can set the apply flag to true even though approvalPolicy is configured as pending, so workshop changes are applied without the explicit approval step the policy requires. The result is unauthorized modification of system configurations or workflows that should have been gated on approval. The weakness is classified as CWE-863 (incorrect authorization). Based on the description, it is inferred that reaching the Skill Workshop apply endpoint is the precondition for exploitation.
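As an added illustration (not OpenClaw's own code; endpoint, field and policy names are assumed), a minimal model of the authorization bypass beside a handler that derives the apply decision from the server-side approval policy instead of the client's flag:

```python
"""Hypothetical model of the approvalPolicy bypass described above.
Not OpenClaw's code: the Workshop structure, the 'apply' request field and the
policy values "auto" / "pending" are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


class Forbidden(Exception):
    """Raised when a request tries to act beyond what the approval policy allows."""


@dataclass
class Workshop:
    approval_policy: str                      # assumed values: "auto" or "pending"
    approved_changes: Set[str] = field(default_factory=set)  # ids an approver signed off
    applied_changes: List[str] = field(default_factory=list)


def apply_vulnerable(ws: Workshop, change_id: str, body: Dict) -> bool:
    """Vulnerable pattern (CWE-863): the client-controlled 'apply' flag alone decides
    whether the change is applied, so a 'pending' policy is never consulted."""
    if body.get("apply") is True:
        ws.applied_changes.append(change_id)
        return True
    return False


def apply_hardened(ws: Workshop, change_id: str, body: Dict) -> bool:
    """Hardened pattern: the server checks its own policy and approval state.
    The client's 'apply' flag only expresses intent; it cannot grant authorization."""
    if body.get("apply") is not True:
        return False
    if ws.approval_policy == "pending" and change_id not in ws.approved_changes:
        # The policy requires an explicit approval step that has not happened yet.
        raise Forbidden(f"change {change_id} requires approval before apply")
    ws.applied_changes.append(change_id)
    return True
```

The hardened handler refuses the request (and the refusal is a good point to emit an audit log entry) until an approval record exists, while the vulnerable one applies the change on the strength of the request body alone.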
Affected Systems
The affected product is OpenClaw; the affected component is likewise listed as OpenClaw. All installations running a version earlier than 2026.5.6 are considered vulnerable; no narrower version range is specified in the available data.
Risk and Exploitability
The CVSS score of 6.0 rates this issue as a moderate severity vulnerability. No EPSS score is available, so the likelihood of exploitation is unclear; however, the attack path requires access to the affected apply path, so attackers would need at least application-level access. The vulnerability is not listed in CISA KEV, indicating it may not have been exploited in the wild yet. Based on the description, it is inferred that exposing the apply endpoint to untrusted users escalates the risk, since unauthorized changes applied through it can compromise system integrity.
OpenCVE Enrichment